Data Privacy Policy – Corus Hotels

Corus Hotels operates and manages the Corus Hotels websites. We at Corus Hotels value the trust placed in us by guests, patrons, visitors, suppliers and colleagues (“customers”) who give us their personal data. Data Security is of the highest priority for us. We have mandated our IT service providers to safeguard against any breach. Our IT service provider’s link and their Data Security Policy and Protocol is available on our GDRP Portal.

PRIVACY STATEMENT

We aim to be as clear as possible about what we do with personal data and why we do it.

Corus Hotels are committed to the online privacy of all its users.

This Privacy Policy regulates the use by Corus Hotels respectively and its partner companies of the information you provide when using CORUS HOTELS website.

Corus Hotels’ website is run by Corus Hotels Ltd and its web design and content management partners (“we“, “us“, “our“).

Corporate and Commercial Individual Data

Corus Hotels makes a distinction between corporate and commercial data of individuals and their corporate and commercial emails and that of personal data and emails. Corporate and commercial data, including individual corporate and commercial emails, are retained on the basis of legitimate interest to facilitate the ordinary of our business and commercial relationships and transactions and business needs in the course of business dealings.

Individuals with corporate or commercial emails may at any time write to the Data Processing Officer at DPO@corushotels.com and/or to the address provided below to remove retention of their data.

This can result in Corus Hotels no longer being able to communicate or transact with any such individual and may request a company or body corporate dealing with us to nominate another person expressly willing to receive communication and their corporate and commercial individual data to be retained in the course of business dealings subject always to the person’s individual rights as set out herein. It shall be the responsibility of each company or body corporate to establish the express consent of persons acting on their behalf.

Information We Collect

To be able to stay at one of our hotels or use its facilities we have to collect certain information from you. As part of this, you are required to give your contact information. We use the information given to us by you to provide the service you request from us in the way that is set out in this privacy policy.

You can easily change your registration details through the account facilities available on the website or by getting in touch with our Data Protection Officer at the address below.

When a booking is made on our website we will collect data with respect to the guest name(s), date of arrival, number of rooms, number of nights, room type, room rate and payment details (card type, name, number, expiry date, CVV, address). We are not responsible for the accuracy of the payment and type of room details and the guest is solely responsible for checking these details.

User name and password – You may check the REMEMBER ME’ Box and uncheck it at any time. Our IT systems are designed to collect and store your user name and password to enable you to log-in easily without having to complete your personal details each time should you chose to set up an account with us. If you do not choose to set up an account with us we will not retain your user name or password.

Name, address and postcode – We collect this information to know who you are and to enable us to link your booking to your room, your place of origin and how to contact your next of kin in case of emergency or supply the relevant UK Government security agencies with the information they may require and which we are legally obliged to do. We also use postcodes to quickly get your full address to save you typing it out. We have provided an Opt-out box for you to opt-out of this data retention at any time.

Business information – We keep records such as employer details and job title, particularly from our corporate customers

Purchase history – We may retain your transaction history with us, including the hotels that you have stayed in, activities on site (e.g. food purchases and Wi-Fi use) and the date(s) of your stay;

Age / date of birth – we may occasionally need to collect your age or date of birth to be able to send you birthday related offers if you have agreed to receive marketing communications.

Email address – We send a confirmation of your order or booking via email as well as other service related communication. If you have agreed to receive marketing communications these may also be sent by email.

Telephone numbers – if there are any problems with your order or we need to check anything, we need to be able to contact you quickly.

Payment card number, expiry date, issue no and name of card holder – A payment card is required in order to register for an online account. We retain your payment card information for the duration of the time you hold an account with us. This is necessary to enable payment, to process refunds and in order to help us monitor fraudulent activity on accounts.

Where you heard about us – We may ask you this to help make our marketing more efficient.

Customer Communication – If you contact us we may keep a record of that correspondence. We also retain Customer communication preferences and keep record of Customer feedback.

Sensitive personal data – Sensitive personal data includes, for example, information related to your health, race or ethnic origin or religion. We may need sensitive personal data from you for certain products and services, and in some cases, we may be able to assume sensitive personal data about you from the information you provide. By letting us have any sensitive personal data, you expressly consent to us using and telling others about any of your sensitive personal data so we can provide you with the goods or services requested by you in the way set out in this Privacy Policy.

Third party information – If you give us information about another person you confirm you have their authorisation to do so and that you have identified Corus Hotels to them and told them what we will use their information for, as set out in this Privacy Policy and that they have given permission for us to be able to use their personal information in the manner described. Where you book accommodation for other people, we may ask you to provide the above information about them (e.g. we will usually ask for the title, first name and surname, e-mail address and nationality of a person for each room that you book for identification purposes). You should only provide us with information about other people if you have their permission to do so.

IP addresses – When you visit our site, we will automatically receive your IP address, a unique identifier for your computer or other access device.

You may also provide us with personal information if you contact customer services, if you enter promotions or competitions run by us or if you get in touch with us in some other way, for example by way of an email facility provided on the website.

How we use the information we collect

We may use your information for the following purposes:

  • Administration and management of room and restaurant bookings and our hotels and restaurants;
  • Processing transactions;
  • Administration of our Digital Channels, including in respect of our registered users, who may also store a personal identification number online to easily access and apply room preferences and personal details when booking through our automated telephone service;
  • Administration and management of our competitions, promotions and prize draws – you should check the applicable terms and conditions of the competition, promotion or prize draw for further information;
  • Sending you communications about our products and services that we think may be of interest to you. We may also send you service information communications (e.g. reservation/booking confirmation).
  • Business, website and consumer analysis and reporting; and
  • Correspondence between us, including where you use our ‘Contact us’ form or where you agree to receive post-stay questionnaires (if applicable) and to facilitate your arrival pre-stay communication (if required).

Marketing – we would like to contact you with our product and services and offers and promotion. If you consent for us to occasionally contact you, you will be asked to expressly consent by checking the relevant box provided. You can uncheck the box or Opt-Out to any email at any time or click on the unsubscribe link provided at the end of each email. Please also read our section on Marketing Research below. When you do so we will not contact you thereafter.

Customer care and correspondence – as part of our customer care procedures, we may follow-up, either by letter, phone, SMS or email, customers who have stayed at our hotels or purchased goods or services from our website or who have posted comments about Corus Hotels on the internet, for example to resolve a complaint or to ask for a testimonial.

Market research – from time to time, we may also use your information to contact you for market research purposes. If you check your consent for us to contact you for marketing purposes, we may contact you by letter, phone, SMS or email. You can uncheck this section at any time if you no longer wish for us to contact you for this purpose. We will not contact you for any marketing research thereafter.

Website improvement – to help us design our website and improve your experience, we may collect information about the way you use and access our website. Our web system collects information about each visitor, including IP address, the length of time spent on the website and the order in which pages are visited. We may employ third party experts to help us look at this information. However, we make sure that anyone we employ treats all information with the same sensitivity and security that we treat it. This is explained in more detail in the cookies section below.

Fraud Prevention – we will only share your data with law enforcement or regulatory agencies when requested.

Cookies Policy

Our sites use a number of different cookies. Below we explain the cookies we use and why we use them.
What is a cookie?
Cookies we use and why we use them
Your right to refuse cookies and what happens if you refuse them

What is a cookie?
A cookie is a small text file that may be placed on your device when you visit our sites. When you next visit our sites the cookie allows us to distinguish you from other users.

There are two broad categories of cookies:

  1. Persistent cookies
    Persistent cookies remain on your device until deleted manually or automatically.
  2. Session cookies
    Session cookies remain on your device until you close your browser when they are automatically deleted.

Cookies we use and why we use them

  1. Essential cookies
    Essential cookies are technical cookies that are required for the operation of our sites. Without essential cookies our sites can’t operate properly. Essential cookies include, for example, cookies that enable you to log into secure areas.
  2. Performance cookies
    Performance cookies allow us to recognise and count the number of visitors to our sites and to see how visitors move around them. This helps us to improve the way our sites work by enabling us to tailor our sites to the way visitors use them. The information we collect from performance cookies is aggregated which means that we cannot identify you from it.
  3. Experience cookies
    Experience cookies allow our sites to remember the choices you make. Our sites use experience cookies to provide you with enhanced and personalised features. For example, we use information collected through what are known as “web-analytic” cookies to compare the choices you make to those of our other customers so that we can learn from those choices.
    Information collected by experience cookies cannot track your browsing activity when you leave our sites to browse other sites.
  4. Marketing cookies
    Marketing cookies record your visits to our sites, the pages you have visited and the links you have followed. We use this information to make our sites and the advertising displayed on them more relevant to your interests. For example, sometimes we use marketing cookies to limit the number of times that you see an advert. Sometimes we share information about your browsing activity (which we have collected from cookies) with our advertising partners. They may use this information to advertise products, which may interest you, on other sites.

Your right to refuse cookies and what happens if you refuse them
You can refuse cookies by activating the relevant setting on your browser. However, if you do so you may not be able to access all or parts of our sites. If you carry on using our sites and do not change your browser settings we will assume you consent to us using cookies as described above.

See our Cookies Policy by clicking on this link:

Access Rights

You have a right to access the personal information that is held about you. Please refer to details of your right by click on this link Guest Access Rights on our GDPR Portal. To obtain a copy of the personal information Corus Hotels holds about you, please email us at DPO@corushotels.com enclosing your postal details and the details of your request.

Alternatively, you can write to us at the following address:
Data Protection Officer
Corus Hotels Ltd

Corus House

1 Auckland Park

Milton Keynes

MK1 1BU

Security – at Corus Hotels, information security is very important to us and we have taken many steps to make sure personal data is secure. Information about you will be kept safe and secure. In order to prevent unauthorised access or disclosure of your information, we have put in place suitable physical, electronic and managerial procedures to protect and secure information that is collected online.

Payment Card Security – we use Lloyds Bank plc, Global Blue Service Company Austria GmbH and Bank of China (UK) Limited and the latest SSL (Secure Sockets Layer) technology to make sure that the details you provide when placing an order are kept private and secure, making shopping on our website safe. Our secure server encrypts your credit or debit card number details along with your personal information and changes them into bits of code that are then securely sent over the internet. Your browser will show when you are in a secure environment by displaying either a locked padlock or an image of a key in the grey bar at the bottom of the page; it may also warn you when you are entering a secured environment as you go to place your order.

Security in our offices – access to your information is restricted in our Hotels and offices. Only authorised employees who need the information to perform a specific job are granted access to personally identifiable information. The servers that store this information are kept in a secure environment at our Head Office and protected by a Key Access that is retained by the Office Manager and the Finance Director at the Corus Head Office.

Purchase Guarantee – we are so confident about security on our website that when you transact with us we back each of your credit card purchases with a guarantee. In the unlikely event that unauthorised use is made of your credit card, most card issuers either cover all the charges that result from the unauthorised use or may limit your liability to £50. If your credit card issuer holds you liable for any of this £50 we will reimburse you up to the full £50. This guarantee only applies where the unauthorised use is as a direct result of giving us your credit card details on our secure server and not through your own fault.

Our notification Plan in the event of a Data Breach

The Data Protection Officer at Corus Hotels Ltd shall promptly within 48 business hours or immediately after a weekend or a business day after a bank holiday notify the Information Commissioner’s Office and the affected party:

  • of any data breach and the circumstances of such breach;
  • the circumstances of such breach;
  • the steps taken to remedy the breach and
  • prevent similar recurrence.

Links

Our website may contain links to let you to visit other websites of interest easily. Once you have used these links to leave our website, you should be aware that we do not have any control over that other website. As such we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these websites, and they are not governed by this Privacy Policy. Corus Hotels is not responsible for any products and/or services featured on any third-party website. You should exercise caution and look at the Privacy Policy applicable to the website in question.

Notification of Changes to This Policy

If we decide to change our Privacy Policy, we will post these changes on this website so you know what information we collect and how we use it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will tell you. You will have a choice as to whether or not we use your information in this different manner.

Feedback

We want to make sure we’re giving you the information about privacy and security that you want – let us know what you think. If you have any feedback, questions or concerns, please email us at DPO@corushotels.com

CORUS HOTELS:

Corus Hotels Ltd

Corus House

1 Auckland Park

Milton Keynes

MK1 1BU

We run this site to promote our hotels and related products and services and, where these are provided by our partners, to be the link between our customers and our partners. Our partners may have their own privacy policies which you should also look at. We are not responsible for any breach or lack of our partners privacy management or policies. In the event you are not assured by our Partners and Suppliers GDPR Data Governance and/or Privacy Policy you should not proceed with them.